US6108425AExpiredUtility

Method and apparatus for controlling the configuration of a cryptographic processor

58
Assignee: IBMPriority: Jun 30, 1997Filed: Jun 30, 1997Granted: Aug 22, 2000
Est. expiryJun 30, 2017(expired)· nominal 20-yr term from priority
H04L 9/3249H04L 2209/56
58
PatentIndex Score
44
Cited by
17
References
3
Claims

Abstract

The capabilities of a cryptographic module are controlled by a crypto configuration control (CCC) register that is initialized by one or more self-signed commands that are preformulated and signed with the digital signature key of the crypto module itself. The crypto module accepts a self-signed command only if the self-signature can be validated using the signature verification key of the module. In one implementation, the final configuration is determined by a single self-signed command. In another implementation, a first self-signed command is used to create an temporary configuration that allows one or more initialization authorities to issue additional commands fixing the final configuration. The self-signed commands are maintained separately from the crypto module and are distributed to the end user either physically or electronically. After the self-signed commands have been created and the secret exponent has been embedded in a particular crypto module, all copies of the secret exponent external to the crypto module are destroyed.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for initializing an information handling system controlled by a first private signature key and a second private signature key, said first and second private signature keys having corresponding first and second public verification keys, said second private signature key being held by an initialization authority, said method comprising the steps of: receiving a first message containing first initialization information for said system and a first digital signature generated on said first message using said first private signature key;   verifying said first digital signature using said first public verification key;   accepting said first initialization information only if said first digital signature is verified as being a valid signature using said first public verification key;   receiving a second message containing said second public verification key and a second digital signature generated on said second message using said first private signature key;   verifying said second digital signature using said first public verification key;   accepting said second public verification key only if said second digital signature is verified as being a valid signature using said first public verification key;   receiving a third message containing additional initialization information for said system and a third digital signature generated on said third message using said second private signature key;   verifying said third digital signature using said second public verification key; and   accepting said additional initialization information only if said third digital signature is verified as being a valid signature using said second public verification key.   
     
     
       2. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform the method steps of claim 1. 
     
     
       3. Apparatus for initializing an information handling system controlled by a first private signature key and a second private signature key, said first and second private signature keys having corresponding first and second public verification keys, said second private signature key being held by an initialization authority, said apparatus comprising: means for receiving a first message containing first initialization information for said system and a first digital signature generated on said first message using said first private signature key;   means for verifying said first digital signature using said first public verification key;   means for accepting said first initialization information only if said first digital signature is verified as being a valid signature using said first public verification key;   means for receiving a second message containing said second public verification key and a second digital signature generated on said second message using said first private signature key;   means for verifying said second digital signature using said first public verification key;   means for accepting said second public verification key only if said second digital signature is verified as being a valid signature using said first public verification key;   means for receiving a third message containing additional initialization information for said system and a third digital signature generated on said third message using said second private signature key;   means for verifying said third digital signature using said second public verification key; and   means for accepting said additional initialization information only if said third digital signature is verified as being a valid signature using said second public verification key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.